forked from EFForg/https-everywhere
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathhttps-e.html
More file actions
225 lines (187 loc) · 6.95 KB
/
https-e.html
File metadata and controls
225 lines (187 loc) · 6.95 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
<script src="rule_list.js"></script>
<script src="util.js"></script>
<script src="rules.js"></script>
<script>
var all_rules = new RuleSets();
var wr = chrome.webRequest;
/*
for (var v in localStorage) {
log(DBUG, "localStorage["+v+"]: "+localStorage[v]);
}
var rs = all_rules.applicableRulesets("www.google.com");
for (r in rs) {
log(DBUG, rs[r].name +": "+ rs[r].active);
log(DBUG, rs[r].name +": "+ rs[r].default_state);
}
*/
function AppliedRulesets() {
this.active_tab_rules = {}
var that = this;
chrome.tabs.onRemoved.addListener(function(tabId, info) {
that.removeTab(tabId);
});
}
AppliedRulesets.prototype = {
addRulesetToTab: function(tabId, ruleset) {
if (tabId in this.active_tab_rules) {
this.active_tab_rules[tabId][ruleset.name] = ruleset;
} else {
this.active_tab_rules[tabId] = {};
this.active_tab_rules[tabId][ruleset.name] = ruleset;
}
},
getRulesets: function(tabId) {
if (tabId in this.active_tab_rules)
return this.active_tab_rules[tabId];
else
return null;
},
removeTab: function(tabId) {
delete this.active_tab_rules[tabId];
}
};
// FIXME: change this name
var activeRulesets = new AppliedRulesets();
var urlBlacklist = {};
// redirect counter workaround
// TODO: Remove this code if they ever give us a real counter
var redirectCounter = {};
function onBeforeRequest(details) {
if (details.url in urlBlacklist) {
return;
}
var a = document.createElement('a');
a.href = details.url;
if (details.type == "main_frame") {
activeRulesets.removeTab(details.tabId);
}
if (details.requestId in redirectCounter) {
redirectCounter[details.requestId] += 1;
log(DBUG, "Got redirect id "+details.requestId+
": "+redirectCounter[details.requestId]);
} else {
redirectCounter[details.requestId] = 0;
}
if (redirectCounter[details.requestId] > 9) {
log(NOTE, "Redirect counter hit for "+details.url);
urlBlacklist[details.url] = true;
return;
}
var newuri = null;
var i = 0;
var rs = all_rules.applicableRulesets(a.host);
for(i = 0; i < rs.length; ++i) {
activeRulesets.addRulesetToTab(details.tabId, rs[i]);
if (rs[i].active && !newuri)
newuri = rs[i]._apply(details.url);
}
if (newuri) {
log(DBUG, "Redirecting from "+a.href+" to "+newuri);
return {redirectUrl: newuri};
}
}
function onCookieChanged(changeInfo) {
if (!changeInfo.removed && !changeInfo.cookie.secure) {
if (all_rules.shouldSecureCookie(changeInfo.cookie)) {
var cookie = {name:changeInfo.cookie.name,value:changeInfo.cookie.value,
domain:changeInfo.cookie.domain,path:changeInfo.cookie.path,
httpOnly:changeInfo.cookie.httpOnly,
expirationDate:changeInfo.cookie.expirationDate,
storeId:changeInfo.cookie.storeId};
cookie.secure = true;
// FIXME: What is with this url noise? are we just supposed to lie?
if (cookie.domain[0] == ".") {
cookie.url = "https://www"+cookie.domain+cookie.path;
} else {
cookie.url = "https://"+cookie.domain+cookie.path;
}
// We get repeated events for some cookies because sites change their
// value repeatedly and remove the 'secure' flag.
log(DBUG,
"Securing cookie "+cookie.name+" for "+cookie.domain+", was secure="+changeInfo.cookie.secure);
chrome.cookies.set(cookie);
}
}
}
// This event is needed due to the potential race between cookie permissions
// update and cookie transmission, becuase the cookie API is non-blocking..
function onHeadersReceived(details) {
var a = document.createElement('a');
a.href = details.url;
var host = a.hostname;
// TODO: Verify this with wireshark
for (var h in details.responseHeaders) {
if (details.responseHeaders[h].name == "Set-Cookie") {
var cookie = details.responseHeaders[h].value;
if (cookie.indexOf("; Secure") == -1) {
log(DBUG, "Got insecure cookie header: "+cookie);
var ruleset = null;
// Create a fake "nsICookie2"-ish object to pass in to our rule API:
if ((ruleset = all_rules.shouldSecureCookie({domain:a.hostname,
name:cookie.split("=")[0]}))) {
activeRulesets.addRulesetToTab(details.tabId, ruleset);
details.responseHeaders[h].value = cookie+"; Secure";
log(INFO, "Secured cookie: "+details.responseHeaders[h].value);
}
}
}
}
return {responseHeaders:details.responseHeaders};
}
// This event is needed due to the potential race between cookie permissions
// update and cookie transmission, becuase the cookie API is non-blocking..
// It would be less perf impact to have a blocking version of the cookie API
// available instead.
function onBeforeSendHeaders(details) {
var a = document.createElement('a');
a.href = details.url;
var host = a.hostname;
if(a.protocol == "https:") {
// All cookies may be sent over https...
return;
}
// TODO: Verify this with wireshark
for (var h in details.requestHeaders) {
if (details.requestHeaders[h].name == "Cookie") {
var newCookies = [];
var cookies = details.requestHeaders[h].value.split(";");
for (var c in cookies) {
var ruleset = null;
// Create a fake "nsICookie2"-ish object to pass in to our rule API:
if ((ruleset = all_rules.shouldSecureCookie({domain:a.hostname,
name:cookies[c].split("=")[0]}))) {
activeRulesets.addRulesetToTab(details.tabId, ruleset);
log(INFO, "Woah, we lost the race on updating a cookie: "+details.requestHeaders[h].value);
} else {
newCookies.push(cookies[c]);
}
}
details.requestHeaders[h].value = newCookies.join(";");
log(DBUG, "Got new cookie header: "+details.requestHeaders[h].value);
}
}
return {requestHeaders:details.requestHeaders};
}
function onResponseStarted(details) {
if (details.tabId == -1) {
return;
}
if (this.activeRulesets.getRulesets(details.tabId)) {
chrome.pageAction.show(details.tabId);
}
// redirect counter workaround
// TODO: Remove this code if they ever give us a real counter
if (details.requestId in redirectCounter) {
delete redirectCounter[details.requestId];
}
}
wr.onBeforeRequest.addListener(onBeforeRequest, {urls: ["http://*/*"]}, ["blocking"]);
wr.onBeforeSendHeaders.addListener(onBeforeSendHeaders, {urls: ["http://*/*"]}, //{urls: ["*://*/*"]},
["requestHeaders", "blocking"]);
// FIXME: We probably do want all urls.. or at least http+https+spdy?
wr.onHeadersReceived.addListener(onHeadersReceived, {urls: ["https://*/*", "http://*/*"]},
["responseHeaders", "blocking"]);
wr.onResponseStarted.addListener(onResponseStarted,
{urls: ["https://*/*", "http://*/*"]});
chrome.cookies.onChanged.addListener(onCookieChanged);
</script>